In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path
Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth() done in gss_release_msg(), but forgot to add a corresponding kref_put() on the error path when kstrdup_const() fails.
If service_name is non-NULL and kstrdup_const() fails, the function jumps to err_put_pipe_version which calls put_pipe_version() and kfree(gss_msg), but never releases the gss_auth reference. This leads to a kref leak where the gss_auth structure is never freed.
Add a forward declaration for gss_free_callback() and call kref_put() in the err_put_pipe_version error path to properly release the reference taken earlier.
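
The leak described above, reduced to a userspace C model (an added example, not the kernel's code or the patch itself). The names auth, msg, dup_name, alloc_msg, release_msg, refs_after and the fail_dup hook are hypothetical stand-ins, and a plain integer replaces the kref.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model of the pattern; every name here is a hypothetical stand-in. */
struct auth { int refs; };                    /* the refcounted gss_auth */
struct msg  { struct auth *auth; char *service_name; };
static int fail_dup;                          /* test hook: force the copy to fail */

static char *dup_name(const char *s)          /* stands in for kstrdup_const() */
{
    char *p = fail_dup ? NULL : malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* put_on_error == 0 models the leaky error path, 1 models the fixed one. */
static struct msg *alloc_msg(struct auth *a, const char *name, int put_on_error)
{
    struct msg *m = calloc(1, sizeof(*m));
    if (!m)
        return NULL;
    a->refs++;                                /* reference held by the message */
    m->auth = a;
    if (name && !(m->service_name = dup_name(name)))
        goto err;
    return m;
err:
    if (put_on_error)
        a->refs--;                            /* the put the error path lacked */
    free(m);
    return NULL;
}

static void release_msg(struct msg *m)        /* normal teardown drops the ref */
{
    m->auth->refs--;
    free(m->service_name);
    free(m);
}

/* Refcount left after one alloc/release cycle; 1 means balanced. */
static int refs_after(int fail, int put_on_error)
{
    struct auth a = { .refs = 1 };            /* caller's own reference */
    fail_dup = fail;
    struct msg *m = alloc_msg(&a, "nfs", put_on_error);
    if (m)
        release_msg(m);
    return a.refs;
}
int main(void) { return !(refs_after(1, 0) == 2 && refs_after(1, 1) == 1); }
```

With the copy forced to fail, the leaky variant leaves the count at 2, so the final put by the owner can never bring it to zero and the object is never freed.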
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45964.json"
}